2FA (two-factor authentication), or also called two-step login, has become more popular to use when logging into websites and services. What I’m noticing is a trend that people think 2FA will stop hackers or phishing or the many other attacks that can happen. 2FA can help, in some situations, but it’s not some magic cure. …
With the rise of 2FA (two-factor authentication) we’re seeing an increase in people wanting to use physical keys, or Yubikey’s as they called, more and more. Since Yubikey’s are so new to people, they may wonder if they can use it for multiple online accounts? They may even have people telling them they need to …
Storing your 2FA TOTP tokens in your password manager has become a hotly debated topic. In a perfect world, you should NOT keep your 2FA tokens in your password manager. But we don’t live in that world, and the honest answer is a lot more nuanced. And for most people, keeping your 2FA tokens in …
To understand why we don’t need SMS 2FA, we’ll order the factors from least secure to most secure. Password Password + SMS 2FA Password + Authenticator App Unique Password Unique Password + U2F *A unique password is a reasonable length, random, and never reused password. Password – Affected by phishing attacks, credential stuffing attacks, malware, and brute force …
A common trend I see is the rush to turn on 2FA like Google Authenticator and Authy, but do people understand why it’s so effective? Google Authenticator and Authy are TOTP (Time-based One-time Password) 2FA. I’m going to show you what makes TOTP 2FA so effective and why this matters. How TOTP 2FA Works When …
We don’t need SMS 2FA. I’m going to break down why we don’t need SMS 2FA and give you a replacement that is not only better but cheaper and easier too. What Is SMS 2FA? Hopefully, if you’re reading this, you have a good understanding of SMS 2FA. If you don’t, SMS 2FA is the …